<?php
session_name("interoprouter");
session_start();

if (isset($_SESSION["logged"]) == true)
{
	if ($_SESSION["logged"] == "yes")
	{	header ("Location: index.php"); exit(); }
	else
	{	header ("Location: notlogged.php?aviso=reiniciarsessao"); exit(); }
}
else
{
	// get data from form login
	$_name = trim($_POST["loginName"]);
	$_password = trim($_POST["loginPassword"]);
	// load database configuration
	ob_start(); include("modules/database.php"); ob_end_clean();
	// auth user
	$dbSql = "SELECT * FROM accounts WHERE accountUser='".$_name."' AND accountPassword='".$_password."'";
	$dbResult = @mysql_query($dbSql);
	if ($dbResult == false)
	{	header ("Location: notlogged.php?aviso=bancodedadosdesligado"); exit(); }
	else if (@mysql_num_rows($dbResult) == 0)
	{	header ("Location: notlogged.php?aviso=logininvalido"); exit(); }
	else // BD ligado, e encontrou o usuario cadastrado
	{
		$dbRow = @mysql_fetch_assoc($dbResult);
		$_SESSION["logged"] = "yes";
		$_SESSION['admin'] = ($dbRow["accountIsAdmin"] == 1) ? ("yes") : ("no");
		$_SESSION['accountId'] = $dbRow["accountId"];
		$_SESSION['accountUser'] = $dbRow["accountUser"];
		//@mysql_free_result($dbResult);
	}
	session_write_close();
	header ("Location: ./index.php");
}

?>